Package impact
NPM / open-webui
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45665 | high | 8.1 | 8.1 | 13d ago | Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order | |
| CVE-2026-44721 | high | 7.3 | 7.3 | 13d ago | open-webui Vulnerable to Stored XSS via Model Description | |
| CVE-2026-45395 | high | 7.2 | 7.2 | 13d ago | Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution |